What does the '-i apache' command modify in httpd.conf on Mac OS 10?

So I'm trying to renew a certificate for the domain below. This is a mac server that uses the 'server' application for managing the configurations.
This is a legacy server, with old software.

After running the command:
sudo certbot renew -i apache -a webroot -w /Library/WebServer/Documents/

The web server gives the following error:
httpd: Syntax error on line 175 of /usr/local/etc/apache2/2.4/httpd.conf: Cannot load /usr/local/Cellar/php56/5.6.29_5/libexec/apache2/libphp5.so into server: dlopen(/usr/local/Cellar/php56/5.6.29_5/libexec/apache2/libphp5.so, 10): Library not loaded: /usr/local/opt/readline/lib/libreadline.7.dylib\n Referenced from: /usr/local/Cellar/php56/5.6.29_5/libexec/apache2/libphp5.so\n Reason: image not found

So now I'm not sure whether to comment out the line in question or to install or link the readline/libreadline...

My domain is:
www.ratza-ratza.com
I ran this command:
sudo certbot renew -i apache -a webroot -w /Library/WebServer/Documents/

My web server is (include version):
Apache
The operating system my web server runs on is (include version):
Mac OS 10

I can login to a root shell on my machine (yes or no, or I don't know):
Yes

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
certbot 1.31.0

Hi @szekelygobe, and welcome to the LE community forum :slight_smile:

If this happened by running certbot, I'd try running:
sudo certbot rollback

If that removes that error, then I'd switch away from using -i apache and do that part manually.

5 Likes

I'm running the 'server' app for managing the certificates, but I'm not sure how to renew.
With the command below the certificate seems to be renewed but in the server app the old certificate is active....
sudo certbot renew -a webroot -w /Library/WebServer/Documents/
I have the expiring certificate in the list of certificates:
If I select the certificate I can renew with the generation of a CSR file that I need to send to letsencrypt.

I'm not the administrator of this server and I'm also new to this 'server' app.
How do I proceed?

Well, first, submitting a CSR to Let's Encrypt is not required. Certbot will create one internally as needed.

And, if you have a "server app" that gets certs you don't also use Certbot. You only use one system to get certs.

I see your server is currently using a cert with 4 domain names in it but you got a cert 2 days ago with just the one name. (see link here)

Is that intentional? (usually not)

Also, what do you mean when you say you are not the admin for this server? Usually cert requests are done on the server, so it needs admin access.

EDIT: Note that in your first post you used the renew command. The renew does not update your Apache config; only the install or run commands do that. Using -i Apache for renew will just reload Apache when the cert is issued.

7 Likes

I'm not the one who set up the server, I'm only the one who was asked to update the certificate (not the administrator). I do have the admin passwords.
To only renew the certificate for one domain was not intentional :grin:
I need to renew the one with 4 domain names, and update the apache config....

We'll need to work this step by step then. Please show output of these two commands

sudo certbot certificates

sudo apache2ctl -t -D DUMP_VHOSTS

6 Likes

For the certificates:


Found the following certs:
Certificate Name: www.ratza-ratza.com
Serial Number: 3d85e5cb592db4e98a3500eeed6067dd17b
Key Type: RSA
Domains: www.ratza-ratza.com
Expiry Date: 2023-03-20 19:44:16+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/www.ratza-ratza.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.ratza-ratza.com/privkey.pem


For the sudo apache2ctl -t -D DUMP_VHOSTS I get an error: command not found

Try these instead. One of them should work

sudo apachectl -t -D DUMP_VHOSTS

sudo httpd -t -D DUMP_VHOSTS

5 Likes

I get only this

VirtualHost configuration:

I don't know how to help you with that. It should have displayed the VirtualHost definitions in Apache but you don't have any. You might want to try a forum for MacOS and that "server" management tool you described.

The certbot certificate list only showed the most recent cert with just the one domain. I don't see how you got the cert with 4 domain names in it which is the one you said you wanted to renew. Somehow you either deleted that from certbot or used a different ACME client for that (the "server" tool?).

Also, your DNS for the ratza-ratza.com has a problem. It lists two IP addresses and only one returns a result.

Name:   ratza-ratza.com
Address: 82.208.173.31
Name:   ratza-ratza.com
Address: 82.76.35.236

The IP ending in .31 fails connections. See the Let's Debug site debug info (link here)

5 Likes

This is in the registry of letsencrypt? If so, how can we delete the wrong entry?
This is the server app I'm using:

No. It is in your DNS records. You do that with your DNS provider.

Your DNS for www.ratza-ratza.com only has the one DNS A record. Your "apex" domain name has two.

5 Likes
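
Added example (not part of any post in the thread, and not Certbot's own code): the comparison the replies above do by eye, parsing the `certbot certificates` listing posted in the thread and reporting which required hostnames each lineage's certificate does not cover. The required set (the `www` name plus the apex) is an assumption, since the thread never lists the four names on the served certificate; `parse_lineages`, `covered` and `coverage_gaps` are names made up for this sketch.

```python
import re
from datetime import datetime

# `sudo certbot certificates` output as posted in the thread.
SAMPLE = """\
Found the following certs:
Certificate Name: www.ratza-ratza.com
Serial Number: 3d85e5cb592db4e98a3500eeed6067dd17b
Key Type: RSA
Domains: www.ratza-ratza.com
Expiry Date: 2023-03-20 19:44:16+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/www.ratza-ratza.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.ratza-ratza.com/privkey.pem
"""

FIELD = re.compile(r"^\s*([A-Za-z ]+?):\s*(.*)$")

def parse_lineages(text):
    """Return one dict per 'Certificate Name' block in the listing."""
    lineages = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m or not m.group(2):
            continue  # blank lines and banners like "Found the following certs:"
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Certificate Name":
            lineages.append({"name": value, "domains": set()})
        elif not lineages:
            continue  # field seen before any certificate block
        elif key == "Domains":
            lineages[-1]["domains"] = {d.lower() for d in value.split()}
        elif key == "Serial Number":
            lineages[-1]["serial"] = value
        elif key == "Expiry Date":
            # Drop the parenthesised validity suffix before parsing.
            lineages[-1]["expiry"] = datetime.fromisoformat(value.split(" (")[0])
    return lineages

def covered(host, domains):
    """True if host is listed exactly or matched by a one-label wildcard."""
    host = host.lower()
    return host in domains or ("*." + host.partition(".")[2]) in domains

def coverage_gaps(text, required_names):
    """Map each lineage name to the required hostnames its cert lacks."""
    return {l["name"]: sorted(h for h in required_names if not covered(h, l["domains"]))
            for l in parse_lineages(text)}

if __name__ == "__main__":
    # Assumed requirement: the www name and the apex, both named in the thread.
    print(coverage_gaps(SAMPLE, ["www.ratza-ratza.com", "ratza-ratza.com"]))
```

A non-empty list for a lineage means that deploying that certificate would leave those hostnames without a matching name, which is the situation the single-name renewal in this thread produced.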
